webmonitor | ab71ffb518f0802251257a7a5c8b107a1659d4bdaae04b1698e2079a71056c82 | Triage

Sharing

General

Target

ab71ffb518f0802251257a7a5c8b107a1659d4bdaae04b1698e2079a71056c82
Size

950KB
Sample

221107-llq8qacear
MD5

99f0685b66a1378da325f746af950387
SHA1

050a5270ed025afd9c81e16ce75605bfdb945c6f
SHA256

ab71ffb518f0802251257a7a5c8b107a1659d4bdaae04b1698e2079a71056c82
SHA512

a2b8e3ffaabd2a3c373f96f4a5d817734ccc3647a23da9e4e06c6e30e0523be97c51e82719469b2fbbdd3eaa7524623a5df510a01e3de87fc974d91efc6f6f4c
SSDEEP

24576:rbhCAzc/bU6qsguxKVITWnmNwU2LIkdI31h6DnjI:rc/Y6eiKVITWnmT2LIP6Dnk

Score

10^/10

webmonitor

Malware Config

Extracted

Family

webmonitor

C2

ornate.wm01.to:443

Attributes

config_key
1kpxw1WzxTN1WGOxLFxdvPh35xaLrMPC
private_key
tjej1gEDA
url_path
/recv5.php

Targets

- Target
  
  ab71ffb518f0802251257a7a5c8b107a1659d4bdaae04b1698e2079a71056c82
- Size
  
  950KB
- MD5
  
  99f0685b66a1378da325f746af950387
- SHA1
  
  050a5270ed025afd9c81e16ce75605bfdb945c6f
- SHA256
  
  ab71ffb518f0802251257a7a5c8b107a1659d4bdaae04b1698e2079a71056c82
- SHA512
  
  a2b8e3ffaabd2a3c373f96f4a5d817734ccc3647a23da9e4e06c6e30e0523be97c51e82719469b2fbbdd3eaa7524623a5df510a01e3de87fc974d91efc6f6f4c
- SSDEEP
  
  24576:rbhCAzc/bU6qsguxKVITWnmNwU2LIkdI31h6DnjI:rc/Y6eiKVITWnmT2LIP6Dnk
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2